Samba Command Line Configuration on openSUSE

All of the configuration that we made through YaST, and more can be actioned at the command line. For ease of management YaST is extremely useful. As with most GUIs though it will lack speed, automation and full control abilities. I always suggest using the GUI to begin your Linux Management but as you become more confident with the command line you will naturally migrate to the shell for further management.

The SAMBA configuration is stored with the /etc/samba directory and the main file is the smb.conf and extract is show below from our configuration that was created though our YaST set-up.

The section [global] covers the settings for the servers and then we have sections for shares such as [homes] as you can see from the graphic. This files needs to be edited with root privileges and the smb service restarted on changes. You can gedit or kate as graphical text editors, or if you are familiar with vi the ubiquitous command line editor.

To create a new share as we saw before from YaST this can be done in the GUI but it is easier to explain from the smb.conf and not difficult to add shares either in this way. Lets first take a look at an existing share, the directory /home is shared out by default on openSUSE. This is not the users individual home directory but the top level directory that is used to host each individual users' home directory. Think of this as the c:\users directory that you would find on Windows Server 2008 or Windows 7.

[users] This sets the name of the share

comment A description or comment for the share. This is not required

path The path to the directory that is to be shared out. As you can see the share-name does not need to match the path.

read only This is set to No as such,t he share is able to be written to. Users will also need permissions in the file-system. When both share and file-system permissions are set the most restrictive permission becomes the effective permission. For example:

If the share is set to Read Only = Yes and I have write permissions in the file-system, I will not be able to write. The restrictive permission wins.

If the share is writeable, as in this case, but I have only read permissions in the file-system then I am not able to write to files.

inherit acls This ensures that if we are using ACLs in our Linux file-system, and we should, that the default ACL is inherited as new files and directories are created. The default behaviour,(if this is not set) is to have the standard Linux permissions set rather than use the default ACL,

veto files Disables access to files or directories if accessed via the share. So here we disable access to the file aquota.user, the directory groups and the directory shares. These files and directories do not exist by default but access is automatically disabled if they are created in this share. The list, as you see, is “/” separated.

Now if you want to create a new share, you can use the YaST tool, however if you edit the /etc/smb.conf you just need to add these lines to share the /tmp directory as an example.

[temp]

path = /tmp read only = No

Once added to the file and saved we need to test the configuration for errors with the command testparm. If that is successful then restart the service with the command rcsmb restart .

Note: On SUSE we can control services with short-cuts called symlinks. These all begin with rc and are included your path statement so tab-completion can be used. This makes the process of service management more simple on SUSE. If you are using or used to other distributions you can still start the services from the /etc/init.d directory or use the command service .

The SAMBA service is now ready but you may recall we have just one SAMBA user, root. If we need to enable others we must do so either though YaST or as root from the command line. The command line, I feel, is the easiest was as the GUI is a little complex for this particular task.

To enable an account for SAMBA we can use the command line tool smbpasswd.

smbpasswd -a geeko : adds the geeko account to SAMBA

smbpasswd -x geeko : removes the geeko account from SAMBA

smbpasswd -d geeko : disables the geeko account but leaves it in the password backend